Volo, an Sui ecosystem protocol, released a statement on the X platform confirming that a security vulnerability occurred, resulting in roughly $3.5 million in assets being stolen from three specific vaults, involving WBTC, XAUm, and USDC. Volo said it notified the Sui Foundation and ecosystem partners immediately after detecting the attack, freezing all vaults to prevent further losses; Volo pledged to cover all losses and not to hold users responsible for anything.
### Attack Scope and Current Vault Status
According to the statement Volo posted on X, this exploit was limited to three specific vaults. The stolen assets include WBTC, XAUm, and USDC, totaling roughly $3.5 million; the remaining Volo vaults’ approximately $28 million in TVL has been confirmed to be secure, and there is no evidence of shared attack pathways.
The statement notes that all vaults are currently frozen, pending further decisions after a complete post-incident analysis and the completion of the vulnerability fix. Volo is actively working with on-chain investigators and ecosystem partners to carry out efforts to recover funds, and plans to publish a complete post-incident analysis report after the investigation is finished.
### Volo’s Loss-Coverage Commitment and Next Steps
According to Volo’s statement, Volo said it is “prepared to take on this loss and will do its best to ensure that users bear no responsibility,” and plans to develop a remediation plan after crisis handling is complete and publish the detailed plan.
### Frequently Asked Questions
#### What is the amount of loss and what assets are involved in this Volo security vulnerability?
According to Volo’s statement on X, this security vulnerability resulted in roughly $3.5 million in assets being stolen from three specific vaults, involving WBTC, XAUm, and USDC. The remaining vaults’ approximately $28 million in TVL has been confirmed to be secure, and there is no shared attack pathway.
#### Does this attack affect all of Volo’s vaults?
According to Volo’s statement, this vulnerability was limited to three specific vaults. The other Volo vaults have been confirmed secure. All vaults are currently frozen, pending a complete post-incident analysis and vulnerability remediation.
#### What commitment has Volo made to affected users?
According to Volo’s statement, Volo has clearly stated that it is prepared to assume all losses from this incident, pledging that users will not bear any responsibility. Volo also plans to publish the remediation plan and a complete post-incident analysis report after the crisis response is completed.
